git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/rgw_role.cc
fe028f315971ea1a7f18f2e68ba1ffacf8f8c5b6
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
8 #include "common/errno.h"
9 #include "common/Formatter.h"
10 #include "common/ceph_json.h"
11 #include "common/ceph_time.h"
12 #include "rgw_rados.h"
15 #include "include/types.h"
16 #include "rgw_string.h"
18 #include "rgw_common.h"
19 #include "rgw_tools.h"
22 #include "services/svc_zone.h"
23 #include "services/svc_sys_obj.h"
25 #define dout_subsys ceph_subsys_rgw
29 namespace rgw
{ namespace sal
{
// String prefixes shared by the role code: three object-id prefixes (returned
// by the get_*_oid_prefix() accessors at the end of this file) and the fixed
// leading part of a role ARN.
// NOTE(review): how each prefix is combined with a tenant, name or id is not
// visible in this file — check the code that builds the object ids.
const string RGWRole::role_name_oid_prefix("role_names.");
const string RGWRole::role_oid_prefix("roles.");
const string RGWRole::role_path_oid_prefix("role_paths.");
const string RGWRole::role_arn_prefix("arn:aws:iam::");
// Loads the role by calling read_name() and then read_info().
// Returns 0 on success, otherwise the negative value from the first call
// that failed.
// NOTE(review): the page this was taken from omits the error-check and return
// lines of this function; they are restored here from the `ret` pattern —
// confirm against the repository.
int RGWRole::get(const DoutPrefixProvider *dpp, optional_yield y)
{
  if (const int name_rc = read_name(dpp, y); name_rc < 0) {
    return name_rc;
  }

  if (const int info_rc = read_info(dpp, y); info_rc < 0) {
    return info_rc;
  }

  return 0;
}
// Loads the role through read_info() only; unlike get(), read_name() is not
// called first.
// Returns 0 on success or the negative value from read_info().
// NOTE(review): the error-check and return lines are missing from the page and
// are reconstructed here — confirm against the repository.
int RGWRole::get_by_id(const DoutPrefixProvider *dpp, optional_yield y)
{
  const int rc = read_info(dpp, y);
  return rc < 0 ? rc : 0;
}
// Writes the role back through store_info() and logs at level 0 if that fails.
// Returns 0 on success or the negative value from store_info().
// NOTE(review): the meaning of the `false` argument is not visible here
// (presumably an "exclusive create" flag — confirm in store_info()). The
// `if`/`return` lines are missing from the page and are reconstructed.
int RGWRole::update(const DoutPrefixProvider *dpp, optional_yield y)
{
  const int rc = store_info(dpp, false, y);
  if (rc >= 0) {
    return 0;
  }

  // cpp_strerror() is given the positive error number, hence the negation.
  ldpp_dout(dpp, 0) << "ERROR: storing info in Role pool: "
                    << id << ": " << cpp_strerror(-rc) << dendl;
  return rc;
}
// Stores `perm_policy` under `policy_name` in the in-memory policy map.
// An existing entry with the same name is overwritten without notice, and
// nothing in this function parses or validates the policy document; any such
// check has to happen in the caller.
void RGWRole::set_perm_policy(const string& policy_name, const string& perm_policy)
{
  auto& slot = perm_policy_map[policy_name];
  slot = perm_policy;
}
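// Returns the names (map keys) of all permission policies attached to this
// role, in the map's iteration order.
// NOTE(review): the `return` line is missing from the page and is
// reconstructed here — confirm against the repository.
vector<string> RGWRole::get_role_policy_names()
{
  vector<string> policy_names;
  policy_names.reserve(perm_policy_map.size());
  for (const auto& entry : perm_policy_map) {
    // The entry is reached through a const reference, so the key can only be
    // copied; the std::move() the original wrapped around it had no effect
    // and is dropped to avoid suggesting the map is being emptied.
    policy_names.push_back(entry.first);
  }

  return policy_names;
}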
// Looks up `policy_name` in the in-memory policy map and copies the stored
// document into `perm_policy`. On a miss `perm_policy` is left untouched and
// the lookup name is written to the level-0 log as given.
// NOTE(review): the return lines are missing from the page; 0 on success and
// -ENOENT on a miss are reconstructed — confirm against the repository.
// NOTE(review): if `policy_name` can come straight from a request, consider
// whether it needs escaping before it reaches the log.
int RGWRole::get_role_policy(const DoutPrefixProvider* dpp, const string& policy_name, string& perm_policy)
{
  const auto found = perm_policy_map.find(policy_name);
  if (found != perm_policy_map.end()) {
    perm_policy = found->second;
    return 0;
  }

  ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl;
  return -ENOENT;
}
// Removes the policy named `policy_name` from the in-memory policy map.
// Only the map is changed here; nothing in this function persists the role.
// On a miss the lookup name is written to the level-0 log as given.
// NOTE(review): the return lines are missing from the page; 0 on success and
// -ENOENT on a miss are reconstructed — confirm against the repository.
int RGWRole::delete_policy(const DoutPrefixProvider* dpp, const string& policy_name)
{
  const auto found = perm_policy_map.find(policy_name);
  if (found != perm_policy_map.end()) {
    perm_policy_map.erase(found);
    return 0;
  }

  ldpp_dout(dpp, 0) << "ERROR: Policy name: " << policy_name << " not found" << dendl;
  return -ENOENT;
}
// Writes the role to `f` using the field names "RoleId", "RoleName", "Path",
// "Arn", "CreateDate", "MaxSessionDuration" and "AssumeRolePolicyDocument",
// followed by a "Tags" array in which every tag contributes a "Key" object
// and a "Value" object. Permission policies are not part of this output.
// NOTE(review): the page omits the close_section() calls and the line before
// the "Tags" array; the calls are restored to balance each open_*_section(),
// and the empty-tags guard is inferred from the missing line count — confirm
// both against the repository.
void RGWRole::dump(Formatter *f) const
{
  encode_json("RoleId", id, f);
  encode_json("RoleName", name, f);
  encode_json("Path", path, f);
  encode_json("Arn", arn, f);
  encode_json("CreateDate", creation_date, f);
  encode_json("MaxSessionDuration", max_session_duration, f);
  encode_json("AssumeRolePolicyDocument", trust_policy, f);

  if (tags.empty()) {
    return;
  }

  f->open_array_section("Tags");
  for (const auto& [tag_key, tag_value] : tags) {
    f->open_object_section("Key");
    encode_json("Key", tag_key, f);
    f->close_section();

    f->open_object_section("Value");
    encode_json("Value", tag_value, f);
    f->close_section();
  }
  f->close_section();
}
// Fills the role's fields from a parsed JSON object.
// The keys read here ("id", "name", "path", "arn", "create_date",
// "max_session_duration", "assume_role_policy_document") are not the names
// dump() writes ("RoleId", "RoleName", ...), so dump() output cannot be fed
// back into this function unchanged. Tags and permission policies are not
// read here, and no field is validated: call validate_input() separately
// when the JSON comes from an untrusted source.
void RGWRole::decode_json(JSONObj *obj)
{
  // Identity
  JSONDecoder::decode_json("id", id, obj);
  JSONDecoder::decode_json("name", name, obj);
  JSONDecoder::decode_json("path", path, obj);
  JSONDecoder::decode_json("arn", arn, obj);

  // Lifetime and trust settings
  JSONDecoder::decode_json("create_date", creation_date, obj);
  JSONDecoder::decode_json("max_session_duration", max_session_duration, obj);
  JSONDecoder::decode_json("assume_role_policy_document", trust_policy, obj);
}
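// Checks the role's name, path and maximum session duration.
//
// Checks run in this order, and the first failure is logged at level 0:
//   1. name length  <= MAX_ROLE_NAME_LEN
//   2. path length  <= MAX_PATH_NAME_LEN
//   3. name matches [A-Za-z0-9:=,.@-]+  (so an empty name is rejected here)
//   4. path is "/" or "/<printable ASCII, '!'..'~'>/"
//   5. SESSION_DURATION_MIN <= max_session_duration <= SESSION_DURATION_MAX
//
// The trust policy, tags and permission policies are not examined here.
// NOTE(review): the `return` lines are missing from the page; `false` after
// each failed check and `true` at the end are reconstructed from the bool
// return type — confirm against the repository.
bool RGWRole::validate_input(const DoutPrefixProvider* dpp)
{
  // Compile the patterns once instead of on every call; a function-local
  // static is initialised exactly once, also when several threads race here.
  static const std::regex regex_name("[A-Za-z0-9:=,.@-]+");
  static const std::regex regex_path("(/[!-~]+/)|(/)");

  // Both length limits are enforced before either regex runs, so the matcher
  // only ever sees input of bounded size. Keep this order.
  if (name.length() > MAX_ROLE_NAME_LEN) {
    ldpp_dout(dpp, 0) << "ERROR: Invalid name length " << dendl;
    return false;
  }

  if (path.length() > MAX_PATH_NAME_LEN) {
    ldpp_dout(dpp, 0) << "ERROR: Invalid path length " << dendl;
    return false;
  }

  // regex_match() must match the whole string, so no anchors are needed.
  if (!std::regex_match(name, regex_name)) {
    ldpp_dout(dpp, 0) << "ERROR: Invalid chars in name " << dendl;
    return false;
  }

  if (!std::regex_match(path, regex_path)) {
    ldpp_dout(dpp, 0) << "ERROR: Invalid chars in path " << dendl;
    return false;
  }

  // NOTE(review): the bounds in the message are hard-coded text; keep them in
  // step with SESSION_DURATION_MIN / SESSION_DURATION_MAX if those change.
  if (max_session_duration < SESSION_DURATION_MIN ||
      max_session_duration > SESSION_DURATION_MAX) {
    ldpp_dout(dpp, 0) << "ERROR: Invalid session duration, should be between 3600 and 43200 seconds " << dendl;
    return false;
  }

  return true;
}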
// Splits `str` at its first '$' into `tenant` (the part before it) and `name`
// (everything after it, including any further '$').
// When `str` contains no '$', neither member is assigned. The pieces are not
// validated here; validate_input() checks `name` separately.
void RGWRole::extract_name_tenant(const std::string& str)
{
  const size_t sep = str.find('$');
  if (sep == std::string::npos) {
    return;
  }

  tenant = str.substr(0, sep);
  name = str.substr(sep + 1);
}
// Replaces the stored trust policy with a copy of `trust_policy`.
// The argument is only read, although it is taken by non-const reference.
// The document is stored as given: nothing in this function parses or
// validates it, and nothing here persists the role.
void RGWRole::update_trust_policy(string& trust_policy)
{
  // The parameter shadows the member, so the member is reached via `this`.
  auto& stored_policy = this->trust_policy;
  stored_policy = trust_policy;
}
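// Adds every pair in `tags_map` to the role's tags, enforcing a limit of 50
// tags in total.
//
// The original inserted into `this->tags` first and checked the limit
// afterwards, so a rejected call still left the extra tags in the object; any
// later store of the same object would then have persisted more than 50 tags.
// The merge is now built on a copy and committed only when it is within the
// limit, which leaves the role unchanged on failure. Which calls are accepted
// and which are rejected is the same as before.
//
// Returns 0 on success.
// NOTE(review): the return lines are missing from the page; 0 on success and
// -EINVAL on rejection are reconstructed — confirm against the repository.
int RGWRole::set_tags(const DoutPrefixProvider* dpp, const multimap<string,string>& tags_map)
{
  auto merged = this->tags;
  for (const auto& tag : tags_map) {
    merged.emplace(tag.first, tag.second);
  }

  if (merged.size() > 50) {
    ldpp_dout(dpp, 0) << "No. of tags is greater than 50" << dendl;
    return -EINVAL;
  }

  this->tags = std::move(merged);
  return 0;
}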
// Returns a copy of the role's tags, or an empty optional when there are none.
// NOTE(review): both return lines are missing from the page; returning an
// empty optional for no tags and a copy of `tags` otherwise is reconstructed
// from the return type — confirm against the repository.
boost::optional<multimap<string,string>> RGWRole::get_tags()
{
  boost::optional<multimap<string,string>> result;  // starts out empty
  if (!this->tags.empty()) {
    result = this->tags;
  }
  return result;
}
// Removes the tags whose key appears in `tagKeys`; keys that are not present
// are ignored. Only the in-memory tags are changed here.
// NOTE(review): erase() is called by key, so if `tags` is a multimap every
// entry sharing that key is removed — confirm the container type in the header.
void RGWRole::erase_tags(const vector<string>& tagKeys)
{
  for (const string& key : tagKeys) {
    this->tags.erase(key);
  }
}
// Accessor for role_name_oid_prefix ("role_names."). The returned reference
// refers to the static member, so it stays valid for the program's lifetime.
const string& RGWRole::get_names_oid_prefix()
{
  return role_name_oid_prefix;
}
// Accessor for role_oid_prefix ("roles."). The returned reference refers to
// the static member, so it stays valid for the program's lifetime.
const string& RGWRole::get_info_oid_prefix()
{
  return role_oid_prefix;
}
// Accessor for role_path_oid_prefix ("role_paths."). The returned reference
// refers to the static member, so it stays valid for the program's lifetime.
const string& RGWRole::get_path_oid_prefix()
{
  return role_path_oid_prefix;
}
235 } } // namespace rgw::sal